Simple shell script to quickly and easily force Outlook 2016 for Mac out of sandbox.
More info here.
See the script in action here.
Created
November 23, 2015 21:34
-
-
Save jankais3r/89187fde776aa57d9364 to your computer and use it in GitHub Desktop.
Outlook binary patching and signing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "Patching old binary... " | |
| cd "/Applications/Microsoft Outlook.app/Contents/MacOS/" | |
| hexdump -ve '1/1 "%.2X"' "Microsoft Outlook" | \ | |
| sed "s/73616E64626F783C2F6B65793E0A093C747275652F3E/73616E64626F783C2F6B65793E0A093C66616C732F3E/g" | \ | |
| xxd -r -p > "Microsoft Outlook.patched" | |
| # hexdump -> creates hex dump of the binary executable | |
| # sed -> replaces 'sandbox</key><true/>' with 'sandbox</key><fals/>' in the hex dump | |
| # xxd -> rebuilds the edited hex dump back into executable binary | |
| chmod `stat -f %A "Microsoft Outlook"` "Microsoft Outlook.patched" | |
| # copies permissions from the original binary to the patched binary | |
| mv "Microsoft Outlook" ~/Desktop/Microsoft\ Outlook.bak | |
| # backs up the original executable | |
| mv "Microsoft Outlook.patched" "Microsoft Outlook" | |
| echo "Done!" | |
| echo "" | |
| echo "Proceed with signing the new binary:" | |
| echo "sudo codesign -f -s \"CERIFICATE NAME HERE\" /Applications/Microsoft\ Outlook.app/" | |
| # After the binary is successfully patched, sign it with the above command | |
| echo "" | |
| echo "Then verify that signing finished properly:" | |
| echo "sudo codesign -v /Applications/Microsoft\ Outlook.app/" | |
| # Verify the signature. If everything went smoothly, you won't get any output from the above command | |
| # More info: https://ツ.sh/move-profile-folder-location-in-outlook-2016-for-mac/ | |
| # @jansoucek 2015 |
I found the problem, but I haven't found a solution yet. The moment we sign Outlook binary with our own certificate it stops working. Even if no other change was done to the executable. If there is just a problem with the signing process, we might be able to make it work. But if Microsoft decided to start checking the certificate the app was signed with, then there is nothing we can do.
If I just modify the binary, I get the following crash:
Exception Type: EXC_CRASH (Code Signature Invalid)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace CODESIGNING, Code 0x1
If I make my changes and re-sign the app, I get a different one:
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: DYLD, [0x5] Code Signature
Application Specific Information:
dyld: launch, loading dependent libraries
Dyld Error Message:
Library not loaded: @rpath/OPF.framework/Resources/OPF_Common.dylib
Referenced from: /Applications/Microsoft Outlook.app/Contents/MacOS/Microsoft Outlook
Reason: no suitable image found. Did find:
/Applications/Microsoft Outlook.app/Contents/MacOS/../Frameworks/OPF.framework/Resources/OPF_Common.dylib: code signature in (/Applications/Microsoft Outlook.app/Contents/MacOS/../Frameworks/OPF.framework/Resources/OPF_Common.dylib) not valid for use in process using Library Validation: mapping process has no Team ID and is not a platform binary
/Applications/Microsoft Outlook.app/Contents/MacOS/../Frameworks/OPF.framework/Resources/OPF_Common.dylib: stat() failed with errno=1
I also tried to disable Gatekeeper (sudo spctl --master-disable) and sign the app with --deep parameter, neither did help. I am out of ideas.
Ok. Thanks for looking into it
@BourneLoser , @jankais3r,
I'm using Office 16.25 (macOS Mojave 10.14.5), by remove signature, I still can move profile folder location to other volume . (I'm using only one account, so, not re-sign is not a problem for me.)
- disable Gatekeeper (
sudo spctl --master-disable) sudo codesign --remove-signature /Volumes/tfData/macInstalledSW/Microsoft\ Outlook.app/
Hello any update for Office 16.30 ?
Hi,
I did the test with Outlook 2019. There is a crash like you described on April 2019.
Dear Jan, while I managed to follow your instructions (moving the Outlook-folder to an external SSD and creating a SymLink instead of the Alias, that I did at first), when I open Outlook for Mac, it does not show me any of my accounts, meaning, I would have to start from Zero. And when I open the Outlook Profile Manager, it does not show me any of my profiles, neither "Main" nor the one, that I created and used ... and are now sitting on my external SSD. I do appreciate your work and thank you for it, but maybe there is/was something missing in your instructions? Kind regards, Alexander.
Addendum, just FYI, if that helps: I just checked, that when I opened Outlook for Mac, there were two new files created in my (original) UBF8......Office-Folder: MicrosoftRegistrationDB.reg and OutlookProfile.plist. Maybe that helps you to let me know, what I might have done wrong or what might be missing in your instructions. Thanks again, Alexander.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@jankais3r, If I recall correctly, it was signing the app. The resulting binary wouldn't run as if it had become corrupt. I had detailed notes and screenshots but they were accidentally deleted when I was trying to learn how to delete things in AppleScript :/
For the record, I have not tried the unsandbox process on subsequent releases.